Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

#MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises #AzureHybrid #Winserv

Microsoft Azure Hybrid with Arc enabled Servers

the last MVPLABSerie blogposts was about Windows Servers Insider with mvplab.local domain and SQL Clustering on-premises :

Today every company wants to benefit from Cloud to achieve more for the business. Microsoft made Azure Arc to simplify governance and management by delivering a consistent multi-cloud and on-premises management platform.

Microsoft Azure Hybrid

In the following steps we are going to onboard the Windows Insider Servers and Windows 11 Insider Beta Virtual Machine which are running in mvplab.local domain into the Microsoft Azure Cloud. We will install the Azure Connected Machine Agent via a PowerShell Script in the next steps :

Login in the Azure Portal

1. Search for azure arc
2. Click on Azure Arc.

Getting Started with Azure Arc

Click on Servers and then Click on Add.

Here you can Choose for the right script.
I choose for Add Multiple Servers with a Service Principle.
Click on Generate Script.

Read the prerequisites access to port 443.
view Outbound URLs link.
Click Next

Select the right Azure Subscription and Resource Group.
Select your Azure Region.
Select Operating System
Select the Connectivity method.
Click on Next

If you don’t have a Azure Service principal, you can create one here.

Click on Create Service principal.

Create your Service Principal

Copy your Client ID and Client Secret !
You need this later.

Select the just created Service Principal.

Here you can Tag the Arc Servers.
Here you can read more about Tagging
Click on Next

Choose the Deployment method :
Basic Script or Configuration Manager ( I choose for Basic)
Download the Script

I have copied the script to my Domain Controller On-premises here.

Open with PowerShell ISE the OnboardingScript.ps1
and Copy / Paste your
Service Principal Client ID and Secret here in the Script.
Click on save and run the script.

Start PowerShell in Admin modus

Run Script .\OnboardingScript.ps1

Server is connected with Azure 🙂

Here is the Azure Arc Enabled Server, my Domain Controller.

Here I have all the Azure Arc Capabilities available for my Domain Controller.
Azure Hybrid

With the Same Script I added the mvplab.local Windows Insider Servers to Azure
They are all Azure Arc Enabled Servers.

On all Azure Arc enabled Servers is the Azure Connected Machine Agent installed.

Conclusion

In a simple way you can deploy Azure Arc agent on your on-premises Servers to make them Azure Arc Enabled so you can enjoy the Azure Hybrid features from the Cloud. IT management and Security from Azure becomes available for your on-premises Servers.
It’s not only Infrastructure but also Data Services and Application Services what you can use for your Azure Hybrid Solution.
In the next Blogpost we will have a look at the Microsoft Azure Arc Features in my mvplab.local domain.


Leave a comment

MVPLAB Serie Cluster Aware Updating – CAU for Windows Server Insider #WindowsServerInsider #MVPBuzz #Winserv

Cluster Aware Updating (CAU)

In my last MVPLAB Serie blogpost, I wrote about setting-up a Microsoft Domain mvplab.local and making a Windows Server Insider Cluster with an iSCSI Target Host Server for Shared iSCSI Storage provisioning. First thing I did was Installing Windows Admin Center for Hybrid IT Management. With WAC we can Manage the Cluster Nodes but also the Cluster, Installing new features via Windows Admin Center like Kubernetes for running Containers and microservices. But first we start with Microsoft Cluster Aware Updating to keep your Cluster up-to-date.

Windows Admin Center Cluster Manager

Installing Cluster Aware Updating

In the following steps you can see how easy it is to install Cluster Aware Updating with Windows Admin Center on your Windows Server Cluster, in my case mvpcl01.mvplab.local

Go to your Windows Server Insider Cluster

In Cluster Manager, go to Updates.
Click on Add Cluster Aware Updating Role

Successfully configured Cluster Aware Updating (CAU)

On both Cluster Nodes is the Update Available.
Click on Install

Click on Install

Look at the status to see what is happening on the Cluster Nodes.

First Cluster Node is done

Both Cluster Nodes are updated successfully.

Here you can read more about Microsoft Cluster Aware Updating

Conclusion

Microsoft Windows Admin Center is the Administrator Management tool to use in your hybrid datacenter. You see how easy it is to configure Cluster Aware Updating (CAU) on your Cluster. When you use Windows Server Core or Azure Stack HCI then Windows Admin Center is really handy instead of command-line tools or PowerShell scripting.  here you can find more information about
Cluster Aware Updating requirements and Best Practices

Here you can JOIN the Windows Admin Center Community Group on LinkedIn


Leave a comment

#Microsoft Windows Server 2022 Insider Preview Build 25140 #Winserv #WindowsServerInsider #WAC

Here you can Download Windows Server Insider Preview Build

Ps. I downloaded the VHDX file for Hyper-V, but you can get also the ISO file here.

Getting started with the Windows Insider Program for Windows Server

Get exclusive access to Windows Server Insider Previews and Remote Server Administration tools and help shape the future of Windows Server in the Windows Insider Program for Windows Server. Register here for the Windows Server Insider program 

From here you can build your own local domain and Clusters in your LAB to test all the Features Windows Server 2022 Insider Preview Build 25140 has. Checking new Security features and doing your own pen tests.

Windows Server 2022 Insider Preview Build 25140.

Microsoft Vulnerable Driver Blocklist 

Testing security with Kali Linux Rolling distro in WSL 2.0 against Windows Server Insider
in my Lab. And give feedback about features and or issues on Windows Server Insider :

Give feedback on Windows Server Insider Preview Builds

And of course don’t forget Windows Admin Center for your LAB to manage your Servers, Azure Virtual Machines and your Clusters. You can download WAC here

What is new in preview is Windows Admin Center in the Azure Portal with Azure Arc Enabled Servers.

Windows Admin Center in the Azure Portal for Arc Enabled Servers 😉
Manage your Servers from the Cloud.

Conclusion

With Windows Server Insider Builds and Windows Admin Center, you can test and make your own LAB environment together for free. You can give the Microsoft product group feedback to make the product better. In the mean time your are learning new features and security in Windows Server Insider Preview Build and WAC before you go into production 🙂
I say a good win win situation and it’s fun to setup your own hybrid LAB.

Follow Microsoft Windows Server Insider Team on Tech Community

 

 

 


Leave a comment

Windows Admin Center and Deploying Windows Server Insider Build 25099 Core #WindowsAdminCenter #Winserv #WIMVP

Windows Admin Center Version 2110.2 Build 1.3.2204.19002

Windows Admin Center is a customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows PCs. It comes at no additional cost beyond Windows and is ready to use in production. Learn more about Windows Admin Center.

Benefits

  • Simple and modern management experience
  • Hybrid capabilities
  • Integrated toolset
  • Designed for extensibility

Languages
Chinese (Simplified), Chinese (Traditional), Czech, Dutch (Netherlands), English, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish (Sweden), Turkish

In the following step-by-step guide I will deploy Windows Server 2022 Insider Build 25099 Core Edition with Windows Admin Center tool together with some great features for managing Windows Servers in a secure hybrid way with Microsoft Azure Cloud services. Like Azure Defender for Cloud, Azure Backup Vault, Azure Monitor, Security and more.
So I have Windows Admin Center 2110.2 installed and I have a Windows Server 2022 Hyper-V Server for my Virtual Machines in my MVPLAB Domain.
Now we will deploy the new Windows Server 2022 Insider Preview Build 25099.

In WAC on my Hypervisor in Virtual Machines

When you explore and open your Hyper-V Host and go to Virtual Machines, you can Click on Add and then on New for Creating your Windows Server Insider VM.

Create a New Windows Server Insider VM called StormTrooper01

Here you can configure your new Windows Server 2022 Insider VM with the following :

  • What kind of Generation VM (Gen 2 Recommended)
  • The path of your Virtual Machine and the path of your virtual disk(s)
  • CPU and you can make nested Virtualization too
  • Memory and use of Dynamic Memory
  • Network select the Virtual Switch
  • Network Isolation by VLAN
  • Storage, Create the size of the Virtual Disk. Choose an ISO or Select an existing VHD(x)

I Created a New 70GB OS Disk
and I want to Install the New Windows Server Insider OS from ISO.
Click on Browse

Here you Browse Default on your Hyper-V Host and select the ISO.

When the Windows Server ISO is selected you can hit Create

We get the Notification that the virtual machine is successfully created.

Only the Virtual Machine is now made with your specs and visible on the Hyper-V Host.
Select the New Virtual Machine (StormTrooper01) click on Power and hit Start.

After you started the VM, you can double click on it and go to Connect.
Click on Connect to the Virtual Machine.

Now you are on the console via VM Connect.

Click on Install Now

We are installing Windows Server 2022 Insider Core edition, because we have WAC 😉

Installing Windows Server 2022 Insider Core Preview Build 25099 via Windows Admin Center

Create New Administrator Password.

And here we have Sconfig of the Windows Server 2022 Core.
via Virtual Machine Connect.

Now we can add and connect the New Virtual Machine with Windows Server 2022 Insider Preview Build in Windows Admin Center via IP-Address.

The Next step is to join the Windows Server 2022 Insider to my Domain MVPLAB.

Click on the Top on Edit Computer ID
Click on Domain and type your domain name.
Click op Next
Add your administrator account for joining the server
Reboot the VM.

Windows Server 2022 Insider Preview Core edition is domain joined.

Now we have the New Microsoft Windows Server 2022 Insider Preview Build 25099 running in Windows Admin Center, we can use all the tooling provided by WAC also in a Azure Hybrid way. Think about Azure Defender for Cloud, Azure Monitor. In Microsoft Windows Admin Center we also have a topic Azure Hybrid Center :

Here you see all the Azure Hybrid benefit features for your Windows Server 2022 Insider.

  • Microsoft Azure Arc
  • Azure Backup
  • Azure File Sync
  • Azure Site Recovery
  • Azure Network Adapter
  • Azure Monitor
  • Azure Update Management
  • and More…

Microsoft Azure and the Windows Admin Center Team made the wizards customer friendly and easy to get those Azure Hybrid services for your Windows Server.
When you have your Server running, you want to make backups and Monitoring your Server for management. And after that you want to be in control of your security of your new Server. In the following steps you see some examples on the same Windows Server 2022 Insider Preview Build:

Microsoft Azure Backup via WAC

Click on Azure Backup
Select your Azure Subscription and the Azure Backup Vault.
Select your data and make the schedule.

Enter the Encryption passphrase and Apply.

Here you have Azure Backup Vault working together with WAC.

Azure Defender for Cloud Security

Click op Microsoft Defender for Cloud
Click on Setup
Add the right Azure Subscription and Workspace
Click on Setup.

Configuring Azure Defender for Cloud agent and Subscription.

Azure Defender for Cloud in Windows Admin Center on your Windows Server 2022 Insider Preview Build.

In Windows Admin Center there is also a Security tab for the Windows Server.

Here you can see your Secured-Core status

Here you can see if your system is supported for this security features 🙂

Enable the supported features and Restart de Virtual Machine.

And here you see my status overview.

Further more you can manage RBAC in Windows Admin Center when you have to work with different kind of users.

You can find RBAC in settings.

Conclusion

Windows Server Insider Core edition and Windows Admin Center are working better together! You have all the tools you need to startup your Windows Server and
manage it with WAC. Windows Admin Center is getting better and better to manage your Hybrid Datacenter and keep you as an Administrator in Control!
So is how I manage my MVPLAB but also for Production workloads I use Windows Admin Center and the Azure Portal together. With Microsoft Azure Arc Services
Azure Hybrid becomes your solution where Windows Admin Center can Support you with making Azure Stack HCI Clusters with Azure Kubernetes for your DevOps environment.

Windows Admin Center Community Group on LinkedIn


Leave a comment

Azure Arc Enabled Kubernetes Container Insights Alerts and Actions #Azure #Cloud #DevOps

Azure Arc-Enabled Data Services overview

Microsoft Azure Arc allows you to manage the following resource types hosted outside of Azure:

  • Servers: Manage Windows and Linux physical servers and virtual machines hosted outside of Azure.
  • Kubernetes clusters: Attach and configure Kubernetes clusters running anywhere, with multiple supported distributions.
  • Azure data services: Run Azure data services on-premises, at the edge, and in public clouds using Kubernetes and the infrastructure of your choice. SQL Managed Instance and PostgreSQL Hyperscale (preview) services are currently available.
  • SQL Server: Extend Azure services to SQL Server instances hosted outside of Azure.

I have a Kubernetes Cluster enabled with Azure Arc Services in my MVP LAB:

It’s Called Dockkube.

The Kubernetes Cluster is running on-premises and is enabled with Microsoft Azure Arc Services. With that said we get Azure Services available for management in the Cloud in a hybrid way. In the following step by step guide we activate Azure Monitor Insights for Containers on the Azure Arc enabled Kubernetes Cluster.

Container Insights Alerts / Actions on Azure Arc Enabled Kubernetes

Dockkube Insights

When you open Dockkube Azure Arc enabled Kubernetes, you will see on the left Monitoring Insights.
Then you have the options :

  • What’s New
  • Cluster
  • Nodes
  • Controllers
  • Containers.

Click on Containers, and you will see all the containers on the Azure Arc enabled kubernetes.
Then you have recommended Alerts (Preview) at the top, when you Click on it you will see all the predefined recommended alerts in preview. I have selected Node CPU % and Enabled the alert. With that you see on the above screenshot there is no action group assigned. That is the next step, click on No Action Group Assigned.

Click on Create a new action group.

Select the Azure Subscription, Resource group and give the
Action Group a name.
Click on Next: Notifications

Here you can select your type of Alert communication.
I have selected the option Email.

Setting the Name : Dock Kube Notify.

The next step you can select an action type :

  • Automation Runbook
  • Azure Function
  • Event Hub
  • ITSM
  • Logic App
  • Secure webhook
  • Webhook

In my MVP LAB, I don’t need an action but just a notification by email.

You can set a TAG here

Before you create the Alert rule with the action group, you get the option
to test the action group.
Click on Test Action Group.

Select a sample type.
I did Resource health alert
Click on Test.

The test is running.

I’m getting the Alert email in my box from Microsoft Azure.

Test is successful and click on Done.

Click on Create

Select the Action group for me is that DockKube CPU.
Click on Apply to Rule.

Now this Alert is active on my Azure Arc enabled Kubernetes 😉

When you go to Alert Rules, you will see the new Alert rule.
Here you can modify it if necessary.

For example, I want the severity from 3 Information to 2 Warning.

I made a severity 2 Warning.
Don’t forget to click on Save at the left top.

More Container Insights information on Microsoft docs :

Recommended metric alerts (preview) from Container insights 

Common alert schema

Use Cluster Connect to connect to Azure Arc-enabled Kubernetes clusters

Conclusion

Microsoft Azure Arc enabled kubernetes is Awesome for management in a hybrid way. I just showed you the power of Alert rules with action groups from the Azure Cloud to get Container Insights. Of course there are more Azure features for your Azure Arc enabled Kubernetes like Security (Preview) Kubernetes Resources, Policies, Gitops and more. Making your own dashboard with Container Insight information. Go for hybrid IT Management with Azure Arc enabled Kubernetes!

 


Leave a comment

Apply #security principles to your #architecture to protect against attacks on your data and systems

Hope you started year 2022 in Good Health in a difficult pandemic time.

Starting 2022 by asking yourself, how is your Security by Design doing in 2022
Your Security is one of the most important aspects of any architecture for your Business.
It provides confidentiality, integrity, and availability assurances against attacks and abuse of your valuable data and systems. Losing these assurances can negatively impact your business operations and revenue, and your organization’s reputation.

Here you find Awesome information about Applying security principles to your architecture to protect against attacks on your data and systems:

Microsoft Architecture and Security Docs

Here you find more information about NIST Cybersecurity Framework

The Microsoft Cybersecurity Reference Architectures (MCRA) describe Microsoft’s cybersecurity capabilities. These References and diagrams can support you with implementing Security by design.

Microsoft Defender for Cloud

Microsoft Defender for Cloud (formerly known as Azure Security Center) community repository. This repository contains:

  • Security recommendations that are in private preview
  • Programmatic remediation tools for security recommendations
  • PowerShell scripts for programmatic management
  • Azure Policy custom definitions for at-scale management of Microsoft Defender for Cloud
  • Logic App templates that work with Defender for Cloud’s Logic App connectors (to automate response to Security alerts and recommendations)
  • Logic App templates that help you run regular tasks or reports within the scope of Microsoft Defender for Cloud
  • Custom workbooks to visualize Defender for Cloud data

Become a Microsoft Defender for Cloud Ninja

Security and Learning is a ongoing process, I always say Learning on the Job 😉 is important to keep Up-to-Date every day of the week. Microsoft Tech Community platform and Microsoft Learning can support you to get the knowledge.

Become a Microsoft Defender for Cloud Ninja here

Conclusion

Microsoft and the community has a lot of good security information to start with for your Data and Systems to keep your business solution as save as possible. Here they write New blogposts for the community about Defender for Cloud

Keep in Mind “Security is only as strong as the weakest component in the Chain”

So keep your Security up-to-date and do assessments on vulnerabilities to keep your data and systems secure. Monitoring => Alerting => Remediation is 24/7/365 Process with Security people in the business.


Leave a comment

#Microsoft Defender for Cloud videos with @yuridiogenes #Security

Here you will find all the Microsoft Defender for Cloud videos with Yuri

Here you find all the Azure Security Center in the Field Videos with Yuri

You can follow Yuri Diogenes also on Twitter

 


Leave a comment

What’s New in Windows Server 2022 Security! #Winserv #Security #WindowsServer2022 #SecOps

Microsoft Security Compliance Toolkit 1.0

The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs).  Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects. For more information, see Windows Security Baselines.

 

Baseline security policies for Windows Server 2022.

But what’s new in Microsoft Windows Server 2022?

Here we have some new Windows Server 2022 security features :

  • Secured-core server

  • Hardware root-of-trust

  • Firmware protection

  • Virtualization-based security (VBS)

  • Secure connectivity

    • Transport: HTTPS and TLS 1.3 enabled by default on Windows Server 2022

    • Secure DNS: Encrypted DNS name resolution requests with DNS-over-HTTPS

    • Server Message Block (SMB): SMB AES-256 encryption for the most security conscious

    • SMB: East-West SMB encryption controls for internal cluster communications

    • SMB over QUIC

  • Azure Arc enabled Windows Servers

  • Windows Admin Center

  • Azure Automanage – Hotpatch

You can read more information on these topics on Microsoft Docs

Windows Server 2022 security features

In the following steps you will see some of the security features of Microsoft Windows Server 2022.

When your Windows Server 2022 is running on a Hypervisor like Hyper-V, you can set Memory integrity under Windows Security to ON.
This prevents attacks from inserting malicious code into high security processes. When you set this security feature on, the Server needs a reboot to activate.
Memory Integrity needs a reboot.

Windows Security Notifications.

By default Virus & Threat protection notification is active, when you want notifications about Microsoft defender firewall blocking a new application, you have to turn this feature on and select the firewalls.

In Windows security we have also ransomware protection. 
Protect your files against threats like ransomware, and see how to restore files in case of an attack.
You can do this by Controlled folder access.
Protect files, folders and memory on your Server from unauthorized changes by software.

Protected folders.

New in Windows Server 2022 is Tamper protection in Windows Security.
This Prevents others from tampering with important security features.

 

This was all Microsoft Windows Server 2022 security in the VM, but how about your Windows Server 2022 Hyper-V Hypervisors?

Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.

HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS leverages the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system.

See Virtualization Based Security System Resource Protections for more details on these protections.

 

Here you find a great video with a session of Jeff Woolsey Principal Program Manager at Microsoft. It’s all about What’s new in Windows Server 2022.

Conclusion

Start with Microsoft Windows Server 2022 today and make your test environment to play with Windows Server 2022 and Security.
Make your core business application solution more secure then ever, and let a ethical hacker do pen tests on your solution.
When you have security by default in your architectural designs, and test your Windows Server 2022 for production workloads it makes a big different to keep your environment and solution safe. And when you monitor your Windows Server 2022 solution pro-active with Azure Monitor, Azure Security Center, Azure Defender like this with Azure Arc enabled Servers

This keeps you in Control on Security by design for your business.


Leave a comment

JOIN Microsoft Ignite 2021 Event November 2-4 #MSIgnite #Azure #Winserv #Windows11 #Hybrid

Microsoft Ignite 2021

Join Microsoft and the Community November 2–4, 2021 to explore the latest tools, training sessions, technical expertise, networking opportunities, and more. You can register here

Here you find some great MSIgnite guidance on Microsoft Tech Community :

Check out what’s new in Security at Microsoft Ignite

Surface at Microsoft Ignite: November 2021

Your Guide to Microsoft Teams at Microsoft Ignite Fall 2021

Windows at Microsoft Ignite: November 2021

A developer’s guide to Ignite 2021

Bring Azure Kubernetes Services to a Hybrid Environment (The Blueprint Files)

Follow @MS_Ignite on Twitter

Of course you can make your own schedule from the session catalog here

Don’t forget your Registration and have a Great innovative Microsoft Ignite 2021 Event 😉

 


Leave a comment

Azure Monitor Insights for Arc enabled Kubernetes Clusters anywhere #Azure #Kubernetes

Azure Monitor Insights for Monitoring your Containers.

In the last blogpost I wrote about Microsoft Azure Arc Services and how to connect a Docker for Desktop Kubernetes Cluster for testing your DevOps solution like Container Apps, Functions, App Services in a test environment. Here you find the Link to the Installation.

One of the Microsoft Azure Arc features is Azure Monitor Insights for monitoring your Kubernetes Cluster and the Containers.

Azure Arc Insights for Kubernetes Cluster anywhere

In the following step-by-step guide we will configure Azure Monitor Insights for your Kubernetes Cluster.

I Connected my Analytics Workspace CloudMVPLab.
Click on Configure.

Onboarding your Kubernetes Cluster will take some minutes.

After a while your Kubernetes Cluster Analytics data will show in Insights.

Here you see a navigation bar with the following topics

  • What’s New
  • Cluster
  • Reports
  • Nodes
  • Controllers
  • Containers.

Insights reports of the Kubernetes Cluster

Here you can Click on default reports of your Kubernetes Cluster.

Storage Capacity and Health Status report of your Kubernetes Cluster.

Storage Capacity more in Details.

Deployments Report of your Kubernetes Cluster.

Workload details Report of your Kubernetes Cluster.

Kubelet report of your Kubernetes Cluster

Data Usage of your Kubernetes Cluster

Data Usage

Insights the Nodes of the Kubernetes Cluster

Insights of the Nodes and on the right you can view Analytics.

Here you can work with Log Analytics on your Cluster.

Insights in Controllers of your Kubernetes Cluster

Insights of your Controllers

Insights Containers of your Kubernetes Cluster

Container Insights of your Kubernetes Cluster

Container Insights with Azure Log Analytics.

So with Azure Arc Enabled Kubernetes Clusters you can monitoring your Cluster and running Containers to keep you in Control on what is happening on the Cluster but also with your Container Apps and microservices. After this you can set Alerts and notifications when something is going wrong or offline. With this running you can start running your own App services, Containers or Azure functions on your Kubernetes Cluster.

Microsoft Senior Cloud Advocate Thomas Maurer explains in this awesome video how to add Azure App Services to your Kubernetes Cluster

Conclusion

This configuration with Docker for Desktop Kubernetes Cluster is for testing purpose only and can be used for your own DevOps solutions before you deploy on Production Ready Clusters. With Azure Arc Enabled Kubernetes Clusters you get the powerful Microsoft Azure Features and solutions in a secure way on your Kubernetes Cluster. I wish you lot of success with Azure Arc Enabled Kubernetes Clusters to make Awesome Apps and IT solutions for the Business 😉